Also we want to credit id_No2015429 of 3H Security Team for his reports for the same issue.
On Sat, Jan 21, 2023 at 1:51 AM Jarek Potiuk <[email protected]> wrote: > Severity: important > > Description: > > Improper Neutralization of Special Elements used in a Command ('Command > Injection') vulnerability in Apache Software Foundation Apache Airflow, > Apache Software Foundation Apache Airflow MySQL Provider.This issue affects > Apache Airflow: before 2.5.1; Apache Airflow MySQL Provider: before 4.0.0. > > Credit: > > Son Tran from VNPT - VCI (reporter) > > References: > > https://github.com/apache/airflow/pull/28811 > https://airflow.apache.org/ > https://www.cve.org/CVERecord?id=CVE-2023-22884 > >
